Windows Reported to Have ‘Authentication’ Issues

After the last Patch Tuesday updates, many Windows users started to have update-related complaints. According to BleepingComputer, Microsoft has warned that some of the policies have been changed since Windows administrators installed the latest updates. unsuccessful After sharing reports showing that endanger It is reported that the thrower has started to investigate the problems in question. Moreover, this is not the first problem brought by the updates. We shared a similar problem with you in the past days.

According to this new problem mentioned, a number of Windows services authentication problem is happening. In the statement, it is noted that only client and server Windows platforms and systems, including those running Windows 11 and Windows Server 2022, are affected by the current problem; Microsoft said the problem is on servers used as domain controllers. only after updates are installed then it says it’s triggered.

Windows administrators encounter ‘authentication issues’ with many services

Windows administrators encountering problems after installing updates “Authentication failed due to user credential mismatch. The username provided does not match an existing account or the password is incorrect” reports that they have received a warning message. Microsoft, meanwhile, mentions authentication failures for a number of services, including Network Policy Server (NPS), Routing and Remote Access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). notes that it may be the subject.

In another statement, Microsoft said that these problems Windows Kerberos and Active Directory Domain ServicesIt states that it is caused by security updates related to the privilege escalation vulnerabilities in . Accordingly, in Active Directory Domain Services 8.8If this vulnerability (CVE-2022-26923) is not fixed, it means that attackers can use an account’s privileges to elevate a domain administrator’s privileges.

On the other hand, the vulnerability in Windows Kerberos (CVE-2022-26931) 7.5It stands out with its CVSS score, which has a high measure of prevention.

So what can you do?

To mitigate these authentication issues, Microsoft is replacing certificates for Windows administrators with a machine account in Active Directory. manually paired when recommending; to see which domain controller failed the login Kerberos Operational log recommends its use.

A Windows administrator, on the other hand, might find that the only way some users who have installed the latest updates can log in is to use the StrongCertificateBindingEnforcement registry key. disable it by setting it to 0 conveys that. This registry key is used to change the enforcement mode of the company’s Kerberos Deployment Center (KDC) to ‘Compatibility mode’.

Now that Microsoft is actively investigating these issues and offering workarounds, this is a viable fix. soon or at least will take place in June which means it may come with the patch.